♦ Simplified Fault Management (FM) 

♦ Application of System Health Management (SHM) theory for 
NASA Space Launch System (SLS) Abort System 

♦ What are Launch Vehicle Abort Triggers 

♦ Application and Example 

♦ Limitations and Conclusions 
♦ SHM addresses activities that are described under several 
names: 

• Prognostics and Health Management 

• Fault Protection 

• Vehicle Health Monitoring and/or Management 

• Fault Detection, Isolation and Response (FDIR) 

• Diagnostics, Maintainability, Reliability, and Availability 

♦ Historically an ad hoc set of processes and technologies that aim to 
predict, detect, diagnose, and respond to failures 

♦ Basis for unified theory of SHM goes back nearly 20 years, and 
this theory provides the conceptual framework for the field and 
operational subset, Fault Management 

• FM theory can be considered as an extension of control theory [FM Control 
Loop (FMCL) Theory] 

♦ Purpose of SHM is to “Preserve the system’s ability to function 
as intended” 
♦ Most crew threatening failures result in: 

• Launch vehicle explosions or loss of control 

• Inability to achieve orbit but able to maintain attitude control 

♦ Abort Triggers exist to enable crew escape from 
the hazard 

• An abort response cannot occur unless the abort condition is 
detected 

• If an abort condition is detected, the SLS can send an Abort 
Recommendation message to the MPCV, or a Warning 
message if the failure develops slowly 

♦ Abort Triggers can be on SLS, MPCV, Launch or 
Mission Control Center, or Flight Crew 

♦ Improvement to crew safety is measured as Loss of 
Crew (LOC) Benefit gained by adding Abort 
Triggers to the design 

• LOC Benefit is the highest-level metric 

• Calculated through Loss of Mission (LOM) Scenarios 
probabilities and associated Abort Effectiveness (AE) values 

♦ Provides crucial information to... 

• Assess probabilistic LOM and LOC requirements 

• Risk-informed design to select abort triggers 

• Develop operational procedures 
Multi-Purpose Crew Vehicle (MPCV): 
Launch Abort System (LAS) 
Orion Crew Capsule 
Service Module 

Interim Cryogenic Propulsion Stage: 
Based on the Delta IV Heavy upper stage 

Core Stage: 
Newly developed for SLS, towers more than 200 feet tall 

Solid Rocket Boosters: 
Built on Space Shuttle hardware; more powerful 

RS-25 Engines: 
Space Shuttle engines for the first four flights are already in inventory 

Block I SLS 70 mT 
gic Flow Diagram 

FN: False Negative 
TP: True Positive 
ATWT: Abortability Table Warning Time 
LOMS: Loss of Mission Scenario 
wrt: With respect to 
♦ Prob. LOM = 1E-05 per mission 

♦ Two primary triggers, P1 and P2, 
and one secondary trigger, S1 

♦ Point estimates shown 

♦ AE is estimated with respect to LOM 
scenario, trigger, ATWT and 
abortability table type 

TRIGGERS 

Parameter              P1      P2      S1
Trigger Coverage %     80%     20%     100%
False Negative         5%      5%      1%
ATWT (ms)              0       -500    -800
AE (%)                 90%     40%     10%

ATWT: Abortability Table Warning Time 

AE: Abort Effectiveness 

FN: False Negative 

TP: True Positive 

wrt: With respect to 

LOM Scenario Abort Effectiveness ~ 76.5% for the example abort trigger suite 

LOC Benefit ~ 7.7E-06 
LOM = 1E-05 
LOC = 2.4E-06 
♦ Represents the value of FM to mitigate potential, impending, and 
actual failures that threaten human safety 

• Value of these FMCLs depends on the probability of the failures that they mitigate 

♦ Useful in a comparative sense to assess different potential FM 
detections & responses 

♦ Example, assume that the probability of achieving orbit is 90% (or 
Prob. LOM = 10%) 

• If no abort action occurs, then LOM = LOC 

• If LOC requirement is set at 1% per mission, then Abort Triggers and abort 
responses must reduce the LOC accordingly 

• The difference between these values is the required amount of LOC Benefit that 
must be provided 

• Abort Triggers are worthwhile only if they provide “significant” value in driving 
LOC down to the required level 

♦ It is also necessary to estimate costs, such as the actual monetary 
and schedule costs, to allow Program Managers to make informed 
decisions 
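
The two worked examples above (the P1/P2/S1 trigger suite and the 10% LOM / 1% LOC requirement case) can be reproduced with the short calculation below. This is an added example, not code from the presentation or from NASA's tool. The rule for combining triggers is an assumption, chosen because it reproduces the slide's 76.5% figure; all function and class names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trigger:
    name: str
    coverage: float        # fraction of the LOM scenario the trigger covers
    false_negative: float  # P(trigger misses a failure it covers)
    ae: float              # abort effectiveness once detected, at its ATWT

# Point estimates copied from the example table on the slide.
P_LOM = 1e-05
PRIMARY = (Trigger("P1", 0.80, 0.05, 0.90), Trigger("P2", 0.20, 0.05, 0.40))
SECONDARY = Trigger("S1", 1.00, 0.01, 0.10)

def scenario_ae(primary, secondary):
    """Abort effectiveness of the whole trigger suite for one LOM scenario.

    Assumption (not stated on the slide): the secondary trigger acts only on
    failures the primary triggers covered but missed (their false negatives).
    """
    if sum(t.coverage for t in primary) > 1.0 + 1e-9:
        raise ValueError("primary coverages exceed 100% (overlap not modelled)")
    true_positive = sum(t.coverage * (1 - t.false_negative) * t.ae for t in primary)
    missed = sum(t.coverage * t.false_negative for t in primary)
    backup = missed * secondary.coverage * (1 - secondary.false_negative) * secondary.ae
    return true_positive + backup

def loc_benefit(p_lom, ae):
    """LOC probability removed by the triggers: P(LOM) x AE."""
    return p_lom * ae

def residual_loc(p_lom, ae):
    """LOC probability that remains; with no abort at all, LOC = LOM."""
    return p_lom * (1 - ae)

def required_loc_benefit(p_lom, loc_requirement):
    """Difference between LOM and the LOC requirement that triggers must supply."""
    return max(0.0, p_lom - loc_requirement)

if __name__ == "__main__":
    ae = scenario_ae(PRIMARY, SECONDARY)
    print(f"scenario AE  = {ae:.1%}")
    print(f"LOC benefit  = {loc_benefit(P_LOM, ae):.2e}")
    print(f"residual LOC = {residual_loc(P_LOM, ae):.2e}")
    print(f"required LOC benefit (LOM 10%, LOC 1%) = {required_loc_benefit(0.10, 0.01):.0%}")
```

The slide rounds AE to 76.5% before multiplying, which is why it reports a LOC Benefit of about 7.7E-06 rather than the unrounded product.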
♦ Capturing and propagation of uncertainties 

• Each group performed their own calculations with their own uncertainties and 
assumptions; difficult to integrate them all 

• In M&FM, used Worst-on-Worst, Best-on-Best bounding instead of Monte 
Carlo Simulations 

♦ Several SLS groups already performed analyses that generated 
data similar to what was ultimately needed to perform the Abort 
Trigger Analysis 

• S&MA PRA 

- M&FM required more detail for some failure scenarios than PRA would otherwise 
have generated 

• GN&C analyses of GN&C Abort Triggers already existed 

- M&FM provided better framework to incorporate and interpret the data 

• STE already performed blast overpressure, debris and fireball analyses 

- M&FM provided inputs to STE to define needed analyses, and to define the 
structure for inputs to (warning times, phases, time steps and bounds), and outputs 
from (“abortability” / survivability) STE 
♦ SHM/FM theory has been successfully applied to the selection of the 
baseline set of Abort Triggers for the NASA SLS 

• Quantitative assessment played a useful role in the decision process 

♦ M&FM, which is new within NASA MSFC, required the most “new” 
work, as this quantitative analysis had never been done before 

• Required development of the methodology and tool to mechanize the process 

• Established new relationships to the other groups 

♦ The process is now an accepted part of the SLS design process, and 
will likely be applied to similar programs in the future at NASA MSFC 

♦ Future improvements 

• Improve technical accuracy 

- Differentiate crew survivability due to an abort, vs. survivability even if no immediate abort 
occurs (small explosion with little debris) 

- Account for contingent dependence of secondary triggers on primary triggers 
- Allocate “Δ LOC Benefit” of each trigger when added to the previously selected triggers. 

• Reduce future costs through the development of a specialized tool 

♦ Methodology can be applied to any manned/unmanned vehicle, in 
space or terrestrial 
Thank You and Finally... 

[Closing graphic: "NASA's Path to Mars" (Earth Reliant, Proving Ground, Mars Ready)] 

www.nasa.gov/sls 
www.twitter.com/nasa_sls 
www.facebook.com/nasasls 